PIA from a fixed location in Windows
My name is Shukhrat Nekbaev and I'm a .NET developer. I'd like to add my 2 cents to the well-known problem of PIA with firewall/AV software when it runs from a temp folder location.
Background: I have Agnitum Security Suite installed and, as the reader may have guessed, it doesn't like the "malware'ish" activity of the PIA application. What I mean by that is: when pia_manager is executed it creates folders in the Windows temp directory, one of which contains an unsigned executable (rubyw.exe), and tries to run it. One more time: every time you run pia_manager.exe it creates a temp folder and runs an unsigned exe. For AV software this behaviour is very suspicious; I assume this is "malware dropper"-like behaviour - http://en.wikipedia.org/wiki/Dropper_(malware). I wanted to run the application from a persistent location, so I could create system/network rules for rubyw.exe (unsigned, duh) explicitly.
Why is a temp folder used?
The PIA application was developed in Ruby. Skipping the "Why?" (including the "but it runs on Win/Lin/Mac") part, we end up with the question "How do you execute a Ruby application on a client PC?". To avoid headaches the PIA developer(s) decided to use the OCRA tool (http://ocra.rubyforge.org/), which basically packages the Ruby files into a single executable. When executed, it extracts the content to a "specific" location and then runs it by passing a command line to the Ruby interpreter.
Its documentation states: "The 'current working directory' is not changed by OCRA when running your application. You must change to the installation or temporary directory yourself." I have no experience with Ruby or OCRA, but I speculate that it might have been possible to specify a fixed directory. Even so, the executable would extract files into that fixed directory and the files would be overwritten on every run (maybe there is a "Don't overwrite" switch?), so decent AV software would detect that the executable has changed and start complaining again; at least one would then be able to add that fixed path to the "Exclusions" list.
When I contacted support, I was advised to whitelist "rubyw.exe" etc. But then what? I can rename any malware to rubyw.exe and it will be skipped, unless the AV software somehow "figures out" that the newly created executable is the same as the one from "yesterday". Anyway, I wanted to keep component and executable control "ON" in my AV software and not add the unsigned rubyw.exe binary to the "allow all" exclusions.
How could the "fixed location" part be addressed?
Well, by not using the temp folder in the first place and running rubyw.exe with its parameters directly. This is what I did by developing a small launcher application. My findings are based on several hours of research.
You will need administrative privileges to perform these operations and .NET Framework 2.0 to run the application:
1) Run PIA application, let it start
2) Now you need to find the temp directory created by PIA; it has a pattern like C:\Users\YOUR_USER_NAME\AppData\Local\Temp\ocrXXXX.tmp\
YOUR_USER_NAME <-- this is YOUR username
XXXX <-- randomly generated alphanumeric value, but you should be able to find that folder easily; for example, I had: C:\Users\SHUKHR~1\AppData\Local\Temp\ocrF22C.tmp
So, find this temp folder; it will contain 3 folders: bin, lib and src. Keep it open.
3) Now open the location where PIA is installed; in my case it was installed to "c:\Program Files\pia_manager" (I will refer to this location as the "PIA directory" from now on)
Copy those 3 folders (bin, lib and src) to the PIA directory
4) Exit PIA application
5) Next rename pia_manager.exe to pia_manager.exe_ so that you have a backup copy
6) Download a zip file from my PC - http://particlefusion.org/pia_manager.zip
Unpack and copy the following files (from the attachment) into the PIA directory:
HEY! WHAT IS THIS? ANOTHER EXECUTABLE? I DON'T TRUST YOU!
Yes, and it's good that you don't trust any unsigned executables; that is why I've provided the source code for the program. You can download a free version of Visual Studio 2012 and compile it yourself. I've provided the executable only for the laziest ones. You can use ILSpy or Reflector to inspect its content and compare it to the source code. So, no hidden surprises.
If you have done everything correctly, from now on it should run from PIA directory.
I have tested on my Win8.1 box.
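As an added illustration (this is not the launcher from the zip above, nor anything from PIA or OCRA), here is a PowerShell script that automates steps 2, 3 and 5 and also answers the "is this the same rubyw.exe as yesterday?" question from the Background section: it records a SHA-256 of the copied rubyw.exe once, and every later launch refuses to start if the hash no longer matches. Assumptions are marked in the code: the install path and the ocr*.tmp pattern come from this post; rubyw.exe living under bin\ follows the usual OCRA layout; the Ruby entry script name (src\pia_manager.rb) is a placeholder you must replace with whatever your extracted src folder actually contains.

```powershell
# Added example, not the post's launcher. Run in an elevated PowerShell (4.0+ for Get-FileHash).
param(
    [string]$PiaDir      = 'C:\Program Files\pia_manager',   # install path named in the post
    [string]$EntryScript = 'src\pia_manager.rb'              # PLACEHOLDER: check your extracted src folder
)

$ErrorActionPreference = 'Stop'
$RubyExe  = Join-Path $PiaDir 'bin\rubyw.exe'   # assumption: OCRA puts the interpreter under bin\
$Manifest = Join-Path $PiaDir 'rubyw.sha256'    # where the reference hash is stored

function Find-OcraTemp {
    # pia_manager.exe extracts to %LOCALAPPDATA%\Temp\ocrXXXX.tmp (step 2); take the newest one
    Get-ChildItem -Path (Join-Path $env:LOCALAPPDATA 'Temp') -Directory -Filter 'ocr*.tmp' |
        Sort-Object LastWriteTime -Descending |
        Select-Object -First 1
}

function Install-PiaPayload {
    # Steps 2, 3 and 5: copy bin/lib/src into the PIA directory, fingerprint rubyw.exe,
    # and move the original pia_manager.exe out of the way as a backup.
    $tmp = Find-OcraTemp
    if (-not $tmp) { throw 'No ocr*.tmp folder found; start pia_manager.exe first (step 1).' }

    foreach ($d in 'bin', 'lib', 'src') {
        Copy-Item -Path (Join-Path $tmp.FullName $d) -Destination $PiaDir -Recurse -Force
    }

    # Fingerprint the copy we will launch from now on. Any later change to this file
    # (a re-extraction, or something renamed to rubyw.exe) changes the hash.
    (Get-FileHash -Path $RubyExe -Algorithm SHA256).Hash | Set-Content -Path $Manifest

    $orig = Join-Path $PiaDir 'pia_manager.exe'
    if (Test-Path $orig) { Rename-Item -Path $orig -NewName 'pia_manager.exe_' }
}

function Start-PiaFixed {
    # Launch from the fixed location only if rubyw.exe still matches the recorded hash,
    # so a firewall/AV rule for this exact path keeps pointing at a known binary.
    $expected = (Get-Content -Path $Manifest -Raw).Trim()
    $actual   = (Get-FileHash -Path $RubyExe -Algorithm SHA256).Hash
    if ($actual -ne $expected) {
        throw "rubyw.exe hash mismatch (expected $expected, got $actual); refusing to launch"
    }

    # OCRA does not change the working directory for you, so set it explicitly.
    $script = Join-Path $PiaDir $EntryScript
    Start-Process -FilePath $RubyExe -ArgumentList ('"{0}"' -f $script) -WorkingDirectory $PiaDir
}
```

Dot-source the file once (`. .\pia-fixed.ps1`), run `Install-PiaPayload` after step 1 while the temp folder still exists, then use `Start-PiaFixed` in place of pia_manager.exe. The hash file is only as trustworthy as the directory it sits in, so keep the PIA directory writable by administrators only; that is also what makes an AV/firewall rule on the fixed path meaningful.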
P.S: provided as is, feel free to use the source code for your own needs